[arch-dev-public] Arch Monthly Report - November
Levente Polyak
anthraxx at archlinux.org
Wed Nov 17 14:08:14 UTC 2021
On 11/17/21 13:27, Allan McRae via arch-dev-public wrote:
> On 17/11/21 22:03, Jelle van der Waa via arch-dev-public wrote:
>> ## Devtools
>>
>> * pacman's makepkg.conf is synced with new hardening CFLAGS such as
>> `-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security
>> -fstack-clash-protection -fcf-protection`
>
> Any chance we enable LTO too. This was not added by default to the
> pacman package - my opinion is the build resources for LTO are a bit
> high, so the user should enable it if wanted in the system makepkg.conf.
> But we did agree to enable it for system packages, and thus needs
> added to devtools makepkg.conf:
>
> https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0004-lto-by-default.rst
>
>
The idea so far was to release LTO in a second iteration as some
concerns were raised to do both set of changes at the very same time.
So far the rollout has been blocked by reproducible tooling - otherwise
we would screw over reproducibility. This has been solved and finalized
in several iterations in makerepropkg [0] and the
approach/implementation communicated and coordinated with 'repro'. The
expected time frame for the release is this week.
cheers,
Levente
[0]
https://github.com/archlinux/devtools/commit/d3cf6ad57078b66a6f75d0694c2b83dfeffe1cfa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20211117/629d535f/attachment.sig>
More information about the arch-dev-public
mailing list